Monday’s lawsuit is the SEC’s first against a corporate security chief in relation to a hack. A year ago, the regulator served so-called Wells notices related to its investigation of the cyberattack to SolarWinds and Tim Brown, vice president of security and CISO, signaling intentions to pursue a civil case. Chief Financial Officer J. Barton Kalsu also received a notice but wasn’t named in the SEC’s complaint Monday. SolarWinds has said its actions were appropriate and it plans a vigorous defense.
To guard against expensive and possibly career-damaging litigation, some CISOs are asking for the kind of personal protection normally reserved for top executives, such as severance agreements and directors and officers insurance.
Source: Cyber Chiefs Worry About Personal Liability as SEC Sues SolarWinds, Executive – WSJ
